Consulting Services

The thousands of network nodes running inside your organization not only needs continuous monitoring of their logs but a red team continuously trying to break into your infrastructure equipped with the most updated exploit library, both public and private such that we can not only to provide you with the most comprehensive assessment report with our semi-automated methodology, but also to help you address the gaps identified in the report.

E2Labs protects leading organizations in financial services, healthcare, technology and other industries, federal government agencies, the intelligence community, who must adhere to federal cyber security standards.

Governance Risk & Compliance Services

PCI Data Security Standard

ISO 27001 Assessment

GXP–Good Practice Security Assessment

Healthcare Compliance (HIPAA,HITECH,HITRUSTCSF)

Policy /Program Development

Security Strategy Development

Security Management Program (SMP)

Threat & Vulnerability

Application Vulnerability Scanning(AVS)

Network Vulnerability Scanning(VMS)

Penetration Testing(Web, Client-Server)

Application Vulnerability Assessment(AVA)

Secure Source Code Reviews

Mobile Application Security

Wireless Vulnerability Assessments

Onsite SOC Services

.

Identity Access Management

IAM Maturity and Roadmap

IAM Cloud Readiness

Role Management Design

IAM Solutions Integration

PKI Assessment

Data and Access Discovery

DLP Operationalization

.

Investigative Response

Computer Incident Response

Electronic Data Recovery

IT Investigations

IR Program Development

Health Check Services

Rapid ResponseRetainer

E-Discovery

Actual Scan Methodology

In this phase, analyst to ascertain the breadth/scope of the assessment. Main purpose is to identify and determine the total number of systems, servers and other network devices such as firewalls, routers, printers, etc. Outcome of this activity consists of hostnames, IP addresses and network range details. This activity helps to identify every possible avenue of attack surface. Few of the information which our analyst may gather are as follows:

Live systems identified in the above phase will be actively probed for responses that will reveal its operating system and version level. This activity helps to identify the known operating system vulnerabilities and loopholes which can be patched afterwards with the help of vendor advisory. Outcome of this activity

In this phase, E2Labs analyst will map the entire network as observed by him/her during the discovery and fingerprinting phase. This activity will help analyst to prioritize the network segment during the subsequent phases and obtain blueprint of the organization.

The aim of this phase is to identify open ports and services running on them. Testing of different ports and services depends upon the operating system types and services running on it. NMap and Unicornscan along with custom scripts incorporating OpenSSL and Netcat will be used by our analysts. Outcome of this activity will consist:

This phase provides holistic approach for risk management to an enterprise. Based on the information collected in first 4 phases, E2Labs analyst will find security weaknesses in target systems. It helps to identify how attack can be launched using identified entry points in the systems. This activity is carried out with the help of well-known commercial and non-commercial tools such
as Nessus, OpenVAS, Metasploit, etc. in addition to manual approach incorporating in-house scripts. Results of the automated scanners are manually verified in the next phase of the assessment. Types of checks performed are known vulnerabilities identification, configuration flaws, default credentials, patch level, etc.

The vulnerability assessment of any identified web application is conducted based on E2Labs Application Security Controls List. Verification: In above ‘vulnerability assessment’ phase, automated scanning tools generate multiple reports along with multiple vulnerabilities at various threat levels. The first action taken by E2Labs NISE (Network Intelligence and Security Experts) team is to thoroughly analyze and validate each test results generated by the above mentioned tools. It gives client the guarantee of ZERO false positives result at the end.

In order to gauge the business impact of identified vulnerabilities, E2Labs analysts may perform controlled exploitation with the client’s prior permission.
This phase is not mandatory. However for the client’s better understanding and to evaluate threat, this activity is recommended for the sample set of vulnerabilities. Outcome of this activity will consist:

In House Corporate Training

Security Awareness Bootcamps

Execution Scope

People

Process

Technology

People

People are the basic building blocks for any successful organisation. Having the right blend of policies and practices for it’s people can make or break an organisation. Our controls in the people category look at employment checks and balances, various skill enhancement and continuous capacity building initiatives, initiatives across verticals for information security sensitisation among others.

Process

Governance and Policies that lead to a streamlined process are the only way in which large companies can sustain and grow further. Both people and technology are blinded with a common thread of policies and perform optimally only when the policies compliment the existing human resource expertise on the available technology. Here we look at the ISMS policies of an organisation along with Physical & Environmental Security Process among other controls.

Technology

We test your technology stack with the best in line cyber attacks and known exploits to point out potential loop holes that can be exploited by an individual internal or external to the organisation to gain unauthorised access to business critical information. We look at technology assessment with a 4 layer approach that consist the following: